CEHACKING-11

					Ethical Hacking
Version 5




Module XI
Hacking Web Servers
       Scenario

         SpeedCake4u, a cake manufacturing firm, wants to
         set up a website for showcasing its products. Matt, a
         high school graduate, was assigned the task of
         building the website. Even though Matt was not a
         pro in website building, the $2000 pay was the main
         motivation for him to take up the task.

         He builds a website with all the features that the
         company management asked for.

         The following day, the cake manufacturing firm’s
         website was defaced with the title “Your cake
         stinks!”

         How was it possible to deface the website?

         Is Matt the culprit?
                                                                                           Copyright © by EC-Council
EC-Council                                                       All Rights reserved. Reproduction is strictly prohibited
      Security News
      http://news.com.com/2102-7349_3-6085589.html?tag=st.util.print




       Module Objective

       This module will familiarize you with the following:
             Web Servers
             Popular Web Servers and Common Vulnerabilities
             Apache Web Server Security
             IIS Server Security
             Attacks against Web Servers
             Tools used in Attack
             Patch Management
             Understanding Vulnerability Scanners
             Countermeasures
             Increasing Web Server Security


       Module Flow

             Web Servers
             Web Server Defacement
             Apache Vulnerability
             Attacks against IIS
             Web Server Vulnerabilities
             Hacking Tools to Exploit Vulnerabilities
             Patch Management
             Vulnerability Scanners
             Countermeasures
             Increasing Web Server Security

       How Web Servers Work


             [Diagram: machine running web browser <-> server machine running a web server]
             The browser connects to the server and requests a page
             The server sends back the requested page



       How Web Servers Work (cont’d)
 1.   The browser breaks the URL into three parts:
      1. The protocol ("http")
      2. The server name ("www.website.com")
      3. The filename ("webpage.html")
 2.   The browser communicates with a name server, which translates the
      server name, www.website.com, into an IP address
 3.   The browser then forms a TCP connection to the web server at
      that IP address on port 80
 4.   Following the HTTP protocol, the browser sends a GET request to
      the server, asking for the file http://webpage.html
 5.   The server sends the HTML text for the web page to the browser
 6.   The browser reads the HTML tags and formats the page onto the screen
       How are Web Servers Compromised?

      Misconfigurations: In operating
      systems or networks
      Bugs: OS bugs may allow commands
      to be run on the web
      Installing the server with defaults:
      Service packs may not be applied in
      the process, leaving holes behind
      Lack of proper security policy,
      procedures, and maintenance may
      create many loopholes for attackers to
      exploit
       Web Server Defacement




       How are Web Servers Defaced?
       Credentials through Man-in-the-middle attack
       Password brute force Administrator account
       DNS attack through cache poisoning
       DNS attack through social engineering
       FTP server intrusion
       Mail server intrusion
       Web application bugs
       Web shares misconfigurations
       Wrongly assigned permissions
       Rerouting after firewall attack
       Rerouting after router attack
       SQL Injection
       SSH intrusion
       Telnet intrusion
       URL poisoning
       Web Server extension intrusion
       Remote service intrusion

       Apache Vulnerability
      Apache Week tracks the vulnerabilities in
      Apache Server. Even Apache has its share of
      bugs and fixes
      For instance, consider the vulnerability which
      was found in the Win32 port of Apache 1.3.20
       • Long URLs passing through the
         mod_negotiation, mod_dir and
         mod_autoindex modules could cause
         Apache to list directory contents
       • The concept is simple but requires a few
         trial runs
       • A URL with a large number of trailing
         slashes:
             – /cgi-bin////////////////////////////
               could produce a directory listing of the original
               directory
       Attacks Against IIS
        IIS is one of the most widely used web server
        platforms on the Internet
        Microsoft's web server has been a frequent
        target over the years
        It has been affected by various vulnerabilities
        Examples include:
        •    ::$DATA vulnerability
        •    showcode.asp vulnerability
        •    Piggy backing vulnerability
        •    Privilege command execution
        •    Buffer Overflow exploits (IIShack.exe)
        •    WebDav / RPC Exploits

                                     Warning
   These outdated vulnerabilities have been presented here as a proof
   of concept to demonstrate how a buffer overflow attack works
       IIS Components

      IIS relies heavily on a collection of DLLs that work together with
      the main server process, inetinfo.exe, to provide various
      capabilities, for example server-side scripting, content indexing,
      web-based printing, and so on
      This architecture provides attackers with different
      functionality to exploit via malicious input

    IIS Directory Traversal (Unicode) Attack
       On an unpatched Windows 2000 machine, the vulnerability
       results from a canonicalization error affecting CGI
       scripts and ISAPI extensions (.ASP is probably the best
       known ISAPI-mapped file type)
       Canonicalization is the process by which various equivalent
       forms of a name can be resolved to a single, standard name
       For example, "%c0%af" and "%c1%9c" are overlong
       representations for "/" and "\"
       Thus, by feeding the HTTP request (as shown below) to IIS,
       arbitrary commands can be executed on the server:

  GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir=c:\ HTTP/1.0
                                    Warning
   This outdated vulnerability has been presented here as a proof
   of concept to demonstrate how a buffer overflow attack works
       Unicode

       ASCII characters for the dots are replaced with
       the Unicode equivalent (%2E)
       ASCII characters for the slashes are replaced
       with Unicode equivalent (%c0%af)
       Unicode 2.0 allows multiple encoding
       possibilities for each character
       Unicode for "/": 2f, c0af, e080af, f08080af,
       f8808080af, .....
       Overlong Unicode is NOT malformed, but not
       allowed by a correct Unicode encoder and
       decoder
       Maliciously used to bypass filters that check
       only short Unicode
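
       Added example (not part of the original slides): a Python sketch of
       canonicalize-then-check for the overlong forms listed above, showing why a
       traversal check made before decoding misses them. Function names and the
       cafe sample path are assumptions for illustration; the %c0%af path is the
       one quoted on the earlier slide.

```python
import re
from urllib.parse import unquote_to_bytes

# (first lead byte, last lead byte, sequence length, payload mask,
#  smallest code point that genuinely needs that length)
LEADS = [
    (0xC0, 0xDF, 2, 0x1F, 0x80),
    (0xE0, 0xEF, 3, 0x0F, 0x800),
    (0xF0, 0xF7, 4, 0x07, 0x10000),
    (0xF8, 0xFB, 5, 0x03, 0x200000),  # obsolete 5-byte form, listed on the slide
]


def lenient_decode(raw):
    """Decode UTF-8 the way a permissive decoder would, accepting overlong forms.

    Returns (text, overlong) where overlong lists (hex_bytes, decoded_char)
    for every sequence that is longer than its code point requires.
    """
    out, overlong, i = [], [], 0
    while i < len(raw):
        b = raw[i]
        if b < 0x80:                      # plain ASCII
            out.append(chr(b))
            i += 1
            continue
        for lo, hi, n, mask, minimum in LEADS:
            if lo <= b <= hi:
                break
        else:
            raise ValueError(f"invalid lead byte 0x{b:02x} at offset {i}")
        tail = raw[i + 1:i + n]
        if len(tail) != n - 1 or any(t & 0xC0 != 0x80 for t in tail):
            raise ValueError(f"truncated or invalid sequence at offset {i}")
        cp = b & mask
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp < minimum:                  # shorter encoding exists: overlong
            overlong.append((raw[i:i + n].hex(), chr(cp)))
        out.append(chr(cp))
        i += n
    return "".join(out), overlong


def escapes_root(path):
    """True if '..' segments climb above the starting directory."""
    depth = 0
    for seg in re.split(r"[/\\]", path):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def assess(encoded_path):
    """Compare a check made before UTF-8 decoding with one made after it."""
    raw = unquote_to_bytes(encoded_path)
    result = {
        "before": escapes_root(raw.decode("latin-1")),  # bytes taken at face value
        "after": None, "decoded": None, "overlong": [], "verdict": "reject",
    }
    try:
        text, overlong = lenient_decode(raw)
    except ValueError:
        return result                     # undecodable input is rejected
    result.update(decoded=text, overlong=overlong, after=escapes_root(text))
    # Strict policy: any overlong sequence is refused outright, as is any
    # path that leaves the root once it is in canonical form.
    if not overlong and not result["after"]:
        result["verdict"] = "allow"
    return result


if __name__ == "__main__":
    for path in ("/scripts/..%c0%af../winnt/system32/cmd.exe",
                 "/images/caf%c3%a9.html"):   # second path is constructed
        print(path, assess(path))
```

       Python's own strict decoder already refuses these bytes
       (b"\xc0\xaf".decode("utf-8") raises UnicodeDecodeError); the lenient decoder
       exists here only to show what a permissive one would have produced.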

     Unicode Directory Traversal
     Vulnerability
       Occurs due to a canonicalization error in Microsoft IIS 4.0 and 5.0
       A malformed URL could be used to access files and folders that lie
       anywhere on the logical drive that contains the web folders
       This allows the attacker to escalate his privileges on the machine
       This would enable the malicious user to add, change or delete data, run
       code already on the server, or upload new code to the server and run it
       This vulnerability can be exploited by using Netcat as the
       backdoor (Trojan horse)



                               Warning
 This outdated vulnerability has been presented here as a proof of
 concept to demonstrate how privilege escalation attack works.
       Hacking Tool: IISxploit.exe

      This tool automates the directory traversal exploit in IIS

      It creates the Unicode string for exploitation




       Msw3prt IPP Vulnerability

        The ISAPI extension responsible for IPP is msw3prt.dll
        An oversized print request containing valid program
        code can cause a buffer overflow and be used to perform
        a new function or load a different, separate program




                            Warning
   This outdated vulnerability has been presented here as a proof
   of concept to demonstrate how a buffer overflow attack works
       WebDAV / ntdll.dll Vulnerability
      WebDAV stands for "Web-based
      Distributed Authoring and Versioning"
      The IIS WebDAV component utilizes
      ntdll.dll when processing incoming
      WebDAV requests. By sending a specially
      crafted WebDAV request to an IIS 5.0
      server, an attacker may be able to execute
      arbitrary code in the Local System
      security context, essentially giving the
      attacker complete control of the system
      This vulnerability enables attackers to
      cause:
       •     Denial-of-service against Win2K
             machines
       •     Execution of malicious code
                                                   Warning
   This outdated vulnerability has been presented here as a proof of
   concept to demonstrate how a Denial of Service attack works
  Real World Instance of WebDAV Exploit




       RPC DCOM Vulnerability
       It exists in the Windows Component Object Model
       (COM) subsystem, which is a critical service used
       by many Windows applications
       The DCOM service allows COM objects to
       communicate with one another across a network
       and is activated by default on Windows NT,
       2000, XP, and 2003
       Attackers can reach the vulnerability in COM
       via any of the following ports:
        •    TCP and UDP ports 135 (Remote Procedure
             Call)
        •    TCP ports 139 and 445 (NetBIOS)
        •    TCP port 593 (RPC-over-HTTP)
        •    Any IIS HTTP/HTTPS port if COM Internet
             Services are enabled
       [Screenshot: RPC Exploit-GUI Hacking Tool]
                                        Warning
   This outdated vulnerability has been presented here as a proof of
   concept to demonstrate how a buffer overflow works
       ASN Exploits

       ASN, or Abstract Syntax Notation, is used for representing different
       types of binary data such as numbers or strings of text
       The ASN.1 exploit targets a Windows authentication protocol known
       as NT LAN Manager V2, or NTLMV2
       The attacker can run a program that will cause machines using a
       vulnerable version of the ASN.1 Library to reboot, producing a so-
       called denial-of-service attack




       ASP Trojan (cmd.asp)
       An ASP Trojan is a small script that, when uploaded to a
       web server, allows complete control of the remote PC
       An ASP Trojan can be easily attached to shrink-wrap
       applications, thereby creating a backdoor




       IIS Logs

       IIS logs all the visits in log files. The log file is located at:
       <%systemroot%>\logfiles

       If proxies are not used, then the IP address can be logged
       This command lists the log files:
       http://victim.com/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+C:\Winnt\system32\Logfiles\W3SVC1




       Network Tool: Log Analyzer

   This tool helps to grab web server logs and build graphically rich self-explanatory
   reports on website usage statistics, referring sites, traffic flow, search phrases, etc.




       Hacking Tool: CleanIISLog
      This tool clears the log entries in the IIS log files, filtered by
      IP address
      An attacker can easily cover his tracks by removing entries
      based on his IP address in the W3SVC log files




       Unspecified Executable Path
       Vulnerability
        When executables and DLL files are not preceded by a path in the
        registry (e.g. explorer.exe does not have a fixed path by default),
        Windows NT 4.0 / 2000 will search for the file in the following
        locations in this order:
         • the directory from which the application loaded
         • the current directory of the parent process
         • ...\system32
         • ...\system
         • the windows directory
         • the directories specified in the PATH environment variable
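
        Added example (not part of the original slides): a Python audit sketch
        that flags registry-style command values with no directory part and
        reports which location in the search order above would supply the file.
        The value names, directory tree and stray copy are constructed for the
        demonstration, and the elided system paths stay as placeholders.

```python
import ntpath
import tempfile
from pathlib import Path

# Search order as listed on the slide. Real directory names are elided there,
# so the demo tree below uses placeholder directories for each position.
SEARCH_LABELS = [
    "directory from which the application loaded",
    "current directory of the parent process",
    "system32",
    "system",
    "windows directory",
    "PATH entry",
]

# Constructed registry-style values: name -> (command, where the file is expected).
SAMPLE_VALUES = {
    "ExampleShell (constructed)": ("explorer.exe", "windows directory"),
    "ExampleInit (constructed)": (r"C:\WINNT\system32\userinit.exe", "system32"),
    "ExampleQuoted (constructed)": (r'"C:\Program Files\Vendor\agent.exe" /start', "n/a"),
}


def executable_of(command):
    """Return the executable part of a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]


def is_unqualified(command):
    """True when the executable has no directory component at all."""
    return ntpath.dirname(executable_of(command)) == ""


def resolve(name, search_order):
    """Labels of every location holding `name`, in the order they are searched.

    Note: Windows matches names case-insensitively; this sketch matches exactly.
    """
    return [label for label, directory in search_order
            if (Path(directory) / name).is_file()]


def audit(values, search_order):
    """Report each unqualified value and whether an earlier location wins."""
    report = []
    for key, (command, expected) in values.items():
        if not is_unqualified(command):
            continue                      # fully qualified: search order not used
        name = executable_of(command)
        found_in = resolve(name, search_order)
        winner = found_in[0] if found_in else None
        report.append({
            "key": key,
            "name": name,
            "found_in": found_in,
            "winner": winner,
            "shadowed": winner is not None and winner != expected,
        })
    return report


def build_demo_tree(root):
    """Create one placeholder directory per search position (constructed data)."""
    order = []
    for i, label in enumerate(SEARCH_LABELS):
        directory = Path(root) / f"{i}_{label.replace(' ', '_')}"
        directory.mkdir()
        order.append((label, directory))
    by_label = dict(order)
    (by_label["windows directory"] / "explorer.exe").write_bytes(b"expected copy")
    # A second copy earlier in the order: this is what the audit must surface.
    (by_label["current directory of the parent process"] / "explorer.exe").write_bytes(b"stray copy")
    return order


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for row in audit(SAMPLE_VALUES, build_demo_tree(root)):
            print(row)
```

        The remediation the audit points to is writing the full path into the
        registry value, so the search order is never consulted.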



       Metasploit Framework

      Metasploit framework is an advanced open-source platform for
      developing, testing, and using exploit code
      A tool for penetration testing, exploit development, and vulnerability
      research
      The framework was composed in Perl scripting language and consists of
      several components written in C, assembler, and Python
      Runs on any UNIX-like system under its default configuration
      A customized Cygwin environment for Windows OS users
      http://www.metasploit.com




       Immunity CANVAS Professional

             Immunity's CANVAS makes available hundreds of exploits, an
             automated exploitation system, and a comprehensive, reliable
             exploit development framework to penetration testers and security
             professionals worldwide
             CANVAS Professional's completely open design allows a team to
             adapt CANVAS Professional to their environment and needs
             CANVAS Professional supports Windows, Linux, MacOSX and
             other Python environments
             One license costs $1244. One license allows up to 10
             users/installations



       Source courtesy: http://www.immunitysec.com/products-canvas.shtml
       Core Impact

      CORE IMPACT is the first
      automated, comprehensive
      penetration testing product for
      assessing specific information
      security threats to an
      organization

      By safely exploiting
      vulnerabilities in your network
      infrastructure, the product
      identifies real, tangible risks to
      information assets while testing
      the effectiveness of your
      existing security investments


       Hotfixes and Patches

      A hotfix is code that fixes a bug in a product. The
      users may be notified through emails or through
      the vendor’s website
      Hotfixes are sometimes packaged as a set of fixes
      called a combined hotfix or service pack
      A patch can be considered a repair job for a
      programming problem. A patch is the
      immediate solution that is provided to users


       What is Patch Management?

       “Patch management is a process used to ensure
       that the appropriate patches are installed on a
       system”
       It involves the following:
        • Choosing, verifying, testing, and applying
          patches
        • Updating previously applied patches with
          current patches
        • Listing patches applied previously to the
          current software
        • Recording repositories, or depots, of patches
          for easy selection
        • Assigning and deploying applied patches

       Solution: UpdateExpert

        UpdateExpert is a Windows administration program that helps you
        secure your systems by remotely managing service packs and
        hotfixes
        Microsoft constantly releases updates for the OS and mission
        critical applications, which fix security vulnerabilities and system
        stability problems
        UpdateExpert enhances security, keeps systems up-to-date,
        eliminates sneaker-net, improves system reliability and QoS




       Patch Management Tool: qfecheck

      Qfecheck allows customers to
      diagnose and eliminate the effects
      of anomalies in the packaging of
      hotfixes for Microsoft Windows
      2000

      Qfecheck.exe determines which
      hotfixes are installed by reading the
      information stored in the following
      registry key:

       • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates
       Patch Management Tool: HFNetChk
       A command-line tool that enables the administrator to check the patch
       status of all the machines in a network remotely
       It does this by referring to an XML database that Microsoft
       constantly updates




       cacls.exe Utility

     The built-in Windows 2000 utility cacls.exe can set access
     control list (ACL) permissions globally
     To change permissions on all executable files to System:Full,
     Administrators:Full:
  C:\>cacls.exe c:\myfolder\*.exe /T /G System:F Administrators:F




       Vulnerability Scanners

        The different types of vulnerability scanners according to
        their availability are:
         • Online Scanners : e.g. www.securityseers.com
         • Open Source scanners: e.g. Snort, Nessus Security
           Scanner, and Nmap
         • Linux Proprietary Scanners: The resource for scanners on Linux
           is SANE (Scanner Access Now Easy). Besides SANE there is
           XVScan, Parallel Port Scanners under Linux, and USB Scanners
           on Linux
         • Commercial Scanners: You can purchase these from the vendors


       Online Vulnerability Search Engine




       Network Tool: Whisker
      Whisker is an automated vulnerability scanning software
      that scans for the presence of exploitable files on remote
      web servers
      Refer to the output of this simple scan below and you will
      see that Whisker has identified several potentially
      dangerous files on this IIS 5 server




    Network Tool: N-Stealth HTTP
    Vulnerability Scanner




       Hacking Tool: WebInspect

     WebInspect is an impressive web
     server and application-level
     vulnerability scanner that scans over
     1,500 known attacks
     It checks site contents and analyzes for
     rudimentary application-issues like
     smart guesswork checks, password
     guessing, parameter passing, and
     hidden parameter checks
     It can analyze a basic web server in 4
     minutes, cataloging over 1,500 HTML
     pages



    Network Tool: Shadow Security Scanner

      Security scanner is designed to identify known and
      unknown vulnerabilities, suggest fixes to identified
      vulnerabilities, and report possible security holes
      within a network's Internet, intranet, and extranet
      environments
      Shadow Security Scanner includes vulnerability
      auditing modules for many systems and services
      These include NetBIOS, HTTP, CGI and WinCGI,
      FTP, DNS, DoS vulnerabilities, POP3,
      SMTP, LDAP, TCP/IP, UDP, Registry, Services,
      users and accounts, password vulnerabilities,
      publishing extensions, MSSQL, IBM
      DB2, Oracle, MySQL, PostgreSQL, Interbase,
      MiniSQL, and more

       SecureIIS

         Developed by eEye Digital Security specifically for Windows-based
         web servers, SecureIIS operates within Microsoft's IIS to protect
         your servers against known and unknown attacks




       Countermeasures

      IISLockdown:
       •     IISLockdown restricts anonymous access to system utilities as well as the ability to write to web
             content directories
       •     It disables Web Distributed Authoring and Versioning (WebDAV)
       •     It installs the URLScan ISAPI filter


     URLScan:
           • UrlScan is a security tool that screens all incoming requests to the server by
             filtering the requests based on rules that are set by the administrator


     MBSA Utility:
           • Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that
             determines the security state in accordance with Microsoft security
             recommendations and offers specific remediation guidance

     File System Traversal Countermeasures

       Microsoft recommends setting the NTFS ACLs
       on cmd.exe and several other powerful
       executables to Administrators and SYSTEM:
       Full Control only
       Sample files must be removed
       Monitor the audit logs
       Apply Microsoft patches and hotfixes regularly
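
       Added example (not part of the original slides): one way to act on
       "Monitor the audit logs", a Python scan of W3C extended log lines for the
       traversal requests described earlier in this module. The log lines are
       constructed, and the sketch assumes the log records the request target
       in the percent-encoded form in which it was received.

```python
import re
from collections import defaultdict

# Percent-encoded overlong UTF-8 (2-, 3- and 4-byte forms). A correct encoder
# never emits these, so any hit in a request target deserves a look.
OVERLONG = re.compile(
    r"%c[01]%[89ab][0-9a-f]"
    r"|%e0%[89][0-9a-f]%[89ab][0-9a-f]"
    r"|%f0%8[0-9a-f](?:%[89ab][0-9a-f]){2}",
    re.IGNORECASE,
)
# Requests that reach for the system directory or the command interpreter.
SYSTEM_TARGET = re.compile(r"/winnt/system32/|cmd\.exe", re.IGNORECASE)

# Constructed sample; addresses are from documentation ranges.
SAMPLE_LOG = """
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-01-01 10:00:01 192.0.2.10 GET /default.asp - 200
2001-01-01 10:00:05 198.51.100.7 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200
2001-01-01 10:00:09 198.51.100.7 GET /scripts/..%c1%9c../winnt/system32/cmd.exe /c+dir 404
2001-01-01 10:01:00 192.0.2.11 GET
#Fields: time c-ip cs-method cs-uri-stem sc-status
10:05:00 203.0.113.5 GET /scripts/..%c0%af../winnt/system32/cmd.exe 403
""".strip().splitlines()


def scan_w3c_log(lines):
    """Return (findings, skipped_line_numbers) for W3C extended log lines.

    The column layout comes from the most recent #Fields directive, which
    can change in the middle of a file (for example after a restart).
    """
    fields, findings, skipped = [], [], []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            skipped.append(lineno)        # truncated or edited line: keep for review
            continue
        rec = dict(zip(fields, values))
        target = rec.get("cs-uri-stem", "") + "?" + rec.get("cs-uri-query", "")
        reasons = []
        if OVERLONG.search(target):
            reasons.append("overlong-utf8")
        if SYSTEM_TARGET.search(target):
            reasons.append("system-target")
        if not reasons:
            continue
        status = rec.get("sc-status", "")
        findings.append({
            "line": lineno,
            "client": rec.get("c-ip", "?"),
            "target": rec.get("cs-uri-stem", ""),
            "status": status,
            "reasons": reasons,
            # A 2xx answer means the server acted on the request: triage first.
            "outcome": "served" if status.startswith("2") else "not served",
        })
    return findings, skipped


def by_client(findings):
    """Summarise attempts and served responses per client address."""
    summary = defaultdict(lambda: {"attempts": 0, "served": 0})
    for f in findings:
        summary[f["client"]]["attempts"] += 1
        summary[f["client"]]["served"] += f["outcome"] == "served"
    return dict(summary)


if __name__ == "__main__":
    found, unparsed = scan_w3c_log(SAMPLE_LOG)
    for f in found:
        print(f)
    print("unparsed lines:", unparsed)
    print(by_client(found))
```

       Because entries can be removed from local W3SVC files, run a scan like
       this on a copy shipped off the server, in line with the checklist item
       to relocate and secure the IIS log files.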




       Increasing Web Server Security

       Use of Firewalls
       Administrator Account Renaming
       Disabling the Default Websites
       Removal of Unused Application Mappings
       Disabling Directory Browsing
       Legal Notices
       Service Packs, Hotfixes, and Templates
       Checking for Malicious Input in Forms and
       Query Strings
       Disable Remote Administration


         Web Server Protection Checklist
    1.   Patches and Updates
          •    Run the MBSA utility at regular intervals to check for the latest operating system and
               component updates
    2.   Auditing and Logging
          •    Enable logging of failed logon attempts
          •    Relocate and secure IIS log files
    3.   IISLockdown
          •    Run IISLockdown and URLScan to lock down the servers
          •    Sites and Virtual Directories
    4.   Services
          •    Disable unnecessary Windows services
          •    Run essential services with least privileges
    5.   Script Mappings
          •    Extensions not used by the application are mapped to 404.dll (.idq, .htw, .ida, .shtml, .shtm,
               .stm, .idc, .htr, .printer)
    6.   Protocols
          •    Disable WebDAV
          •    Disable NetBIOS and SMB (Block ports 137, 138, 139, and 445)
    7.   ISAPI Filters
          •    Remove unused ISAPI filters

         Web Server Protection Checklist
         (cont’d)
   8.        Accounts
         •           Remove unused accounts
         •           Disable guest
         •           Rename administrator account
         •           Disable null user connections
         •           Enable administrator to log on locally
   9.        IIS Metabase
         •           Access to the metabase is restricted by using NTFS permissions
   10.       Files and Directories
         •           Files and directories are contained on NTFS volumes
         •           Web site content is located on a non-system NTFS volume
         •           Web site root directory has deny write for IUSR_COMPUTERNAME
   11.       Server Certificates
         •           The certificate's public key is valid, all the way to a trusted root authority
   12.       Shares
         •           Administrative shares (C$ and Admin$) are removed
   13.       Machine.config
         •           Unused HttpModules are removed
         •           Tracing is disabled <trace enabled="false"/>
   14.       Ports
         •           Restrict Web applications to use only ports 80 and 443
   15.       Code Access Security
         •           Code access security is enabled on the server


       What happened next?

        Jason Springfield, an Ethical Hacker, was called in to investigate the matter. During
        his tests, Jason found that the website had all default configurations, and no
        precautionary steps were taken while building the website.

        The test exposed a lot of security loopholes in the website.

        The defacement was possible as the website was built with all default configuration.
        The web server was not updated and hot fixes were not installed.

        There was a flaw in the Index.htm file of the website.

         The attacker exploited this flaw, and defacing was a piece of cake for him!!

        Jason fixed the holes and changed the default configurations. This incident made the
        management of SpeedCake4u realize the need for a professional web designer.




       Summary

        Web servers assume critical importance in the realm of Internet security.
        Vulnerabilities exist in different releases of popular web servers, and the respective
        vendors patch these often.
        The inherent security risks owing to compromised web servers have an impact on the
        local area networks that host these websites, and even on the normal users of web
        browsers.
        The long list of vulnerabilities that have been discovered and patched
        over the past few years gives an attacker ample scope to plan attacks on unpatched
        servers.
        Different tools/exploit codes aid an attacker in perpetrating web server hacking.
        Countermeasures include scanning for existing vulnerabilities and patching them
        immediately, anonymous access restriction, incoming traffic request screening, and
        filtering.



				
DOCUMENT INFO
Description: Hacking course PPTs with clear practical examples and tools to be used